|
258511
|
7.8 |
HIGH
Local
|
synology
|
cloud_station_backup
|
Multiple untrusted search path vulnerabilities in the installer in Synology Cloud Station Backup before 4.2.5-4396 on Windows allow local attackers to execute arbitrary code and conduct DLL hijacking…
|
CWE-426
Untrusted Search Path
|
CVE-2017-11157
|
2024-11-21 12:07 |
2017-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258512
|
8.8 |
HIGH
Network
|
pulsesecure
ivanti
|
pulse_connect_secure
connect_secure
pulse_policy_secure
|
diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through 8.1R10 and Pulse Policy Secure 5.3R1 through 5.3R5, 5.2R1 through 5.2R8, and 5.1R1 through 5.1R10 allow remote attackers to hijack …
|
CWE-352
Origin Validation Error
|
CVE-2017-11455
|
2024-11-21 12:07 |
2017-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258513
|
7.5 |
HIGH
Network
|
pyjwt_project
debian
|
pyjwt
debian_linux
|
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed becau…
|
NVD-CWE-noinfo
|
CVE-2017-11424
|
2024-11-21 12:07 |
2017-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258514
|
7.8 |
HIGH
Local
|
synology
|
photo_station_uploader
|
Multiple untrusted search path vulnerabilities in installer in Synology Photo Station Uploader before 1.4.2-084 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking a…
|
CWE-426
Untrusted Search Path
|
CVE-2017-11159
|
2024-11-21 12:07 |
2017-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258515
|
9.8 |
CRITICAL
Network
|
codiad
|
codiad
|
components/filemanager/class.filemanager.php in Codiad before 2.8.4 is vulnerable to remote command execution because shell commands can be embedded in parameter values, as demonstrated by search_fil…
|
CWE-78
OS Command
|
CVE-2017-11366
|
2024-11-21 12:07 |
2017-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258516
|
7.8 |
HIGH
Local
|
estsoft
|
alzip
|
Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted MS-DOS device file, as demonstrated by use of "AUX" as the initial substr…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2017-11323
|
2024-11-21 12:07 |
2017-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258517
|
7.8 |
HIGH
Local
|
synology
|
assistant
|
Multiple untrusted search path vulnerabilities in installer in Synology Assistant before 6.1-15163 on Windows allows local attackers to execute arbitrary code and conduct DLL hijacking attack via a T…
|
CWE-426
Untrusted Search Path
|
CVE-2017-11160
|
2024-11-21 12:07 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258518
|
7.5 |
HIGH
Network
|
strongswan
|
strongswan
|
The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.
|
CWE-476
NULL Pointer Dereference
|
CVE-2017-11185
|
2024-11-21 12:07 |
2017-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258519
|
7.8 |
HIGH
Local
|
synology
|
download_station
|
Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 uses weak permissions (0777) for ui/dlm/btsearch directory, which allows remote authenticated users to execute arbitrary code…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2017-11156
|
2024-11-21 12:07 |
2017-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258520
|
7.8 |
HIGH
Local
|
synology
|
office
|
Command injection vulnerability in Document.php in Synology Office 2.2.0-1502 and 2.2.1-1506 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the crafted fi…
|
CWE-78
OS Command
|
CVE-2017-11150
|
2024-11-21 12:07 |
2017-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
